Almost 1,000 Danish websites have been defaced by Islamic hackers protesting about controversial cartoons mocking the Prophet Muhammad.

The attacks typically replace home pages with pro-Islam messages and condemn the publication of the images.

Hack attack monitoring group Zone-H said the defacements were done both by hacker groups and individuals.

Zone-H said some hackers left moderate messages but many called for a violent response to the cartoons' publication.

Fast response

"We have never seen so many defacements that are politically targeted in such a short time," said Roberto Preatoni, founder and administrator of Zone-H.

"What is extraordinary for this Danish case is the speed in which the community united," he added.

Mr Preatoni said monitoring of hacker chat channels revealed that hackers and groups in different Islamic nations had banded together to make the protests more effective. Attacks were known to have come from groups in Turkey, Saudi Arabia, Oman and Indonesia.

Many of the groups involved in the attacks were well known, said Mr Preatoni, but some new ones had emerged as the attacks unfolded.

There was even evidence that the protests had brought one older hacker out of retirement just to make his feelings known.

Hackers used net chat channels to co-ordinate attacks

It was now rare for real world disputes to be without a digital equivalent, said Mr Preatoni and many hackers used website attacks and defacements to make their contribution to political protests.

Many of the messages that replaced the home pages on hacked sites simply condemned the publication of the cartoons in Danish newspaper Jyllands-Posten on 30 September 2005. Some messages called for boycotts of Danish goods.

Other messages warned against mocking Muhammad and some told the Danes to expect a violent response.

More than 900 Danish websites have suffered defacement during the wave of attacks, said Mr Preatoni. He added that a further 1600 Western sites have also been attacked and defaced as part of the same protest.

Many of the defacements were cleared up quickly, said Mr Preatoni.

"Generally a defacement, if it's happening on a home page, is usually replaced within a day."

However, he added, secondary defacements buried within a website can last for months or years before they are found and removed by website administrators.

It was likely that many of the Western sites hacked came from ready prepared lists of sites that were vulnerable to attack. However, said Mr Preatoni, readily available scanning tools made it easy to find and profile those Danish sites ripe for defacement.

Most of the sites targeted were run by small organisations and companies that do not have dedicated security workers and cannot keep up with the latest alerts and patches for vulnerabilities.

So far, said Mr Preatoni, there was little evidence that western hacker groups were taking any action in retaliation for the Islamic attacks.